Rick Dove

Knowledge Management, Response Ability, and the Agile Enterprise

This paper defines the agile enterprise as one which is able to both manage and apply knowledge effectively, and suggests that value from either capability is impeded if they are not in balance. It looks at the application of knowledge as requiring a change, and overviews a body of analytical work on change proficiency in business systems and processes. It looks at knowledge management as a strategic portfolio management responsibility based on learning functionality, and shares knowledge and experience in organizational collaborative learning mechanisms. It introduces the concept of plug-compatible knowledge packaging as a means for increasing the velocity of knowledge diffusion and the likelihood of knowledge understood at the depth of insight. Finally, it reviews a knowledge portfolio management and collaborative knowledge development architecture used successfully in a sizable cross-industry informal-consortia activity, and suggests that it is a good model for a corporate university architecture.

Agile Enterprise Cornerstones: Knowledge, Values, and Response Ability

The concept of the agile enterprise emerged in the early 2990s from a Department of Defense/National Science Foundation-sponsored industry-collaborative study at Lehigh University. The intent was to forecast the competitive environment of 2005 and beyond. The accuracy of that work is evident in today’s emerging business strategies, practices, and technology-infrastructure support. In general, however, agility is creeping into the business environment with compelling spot applications, such as outsourcing and business process management initiatives. This paper examines new risk-management value-understandings, the nature of reality confronted by agile enterprise, and updates previously published agile-enterprise system-engineering concepts. The purpose of this paper is to illuminate requirements for those who would design and build the necessarily agile IT infrastructure support.

Pattern qualifications and examples of next-generation agile system-security strategies

Current system security strategies are failing and cannot be fixed by security engineers alone. The reason for failure is evident: the attack community operates as an intelligent, multi-agent, self organizing, system-of-systems - with swarm intelligence, tight learning loops, fast evolution, and dedicated intent. Next generation security must engage in true co-evolution, engaging in this arms race with systemic self-organization that leverages community and other forms of multiagent architectures at least equally agile to the adversary in six observed common characteristics: self organization, adaptable tactics, reactive resilience, evolvable strategies, proactive innovation, and harmonious operations. These concepts cannot be effectively employed by security engineers on sufficient scale without first being enabled by system engineers working at the architectural level. But even then, without appreciation and concurrence by decision makers, self-organizing strategies will fail to gain sufficient deployment. The principal impediment to developing and fielding these strategies is not lack of know-how, but rather lack of a common language and vision that can remove the decision-maker distrust of self organization and unite system engineers and security engineers in architecturally synergistic solutions. This article reports on a cross-discipline pattern project that is discovering and cataloging patterns of self-organizing system-of-systems security. Pattern cataloging projects generally collect best practice history within a single domain. This cross-domain project is necessarily looking into many domains to find recurrent patterns across ecological systems, biological systems, social systems, network systems, enterprise systems, multi-agent systems, ad-hoc networks, unmanned autonomous systems, and others. The intent is to find multiple examples supporting each pattern drawn from disciplines that are comfortable to systems engineers, security engineers, and decision makers—leading to a design and strategy language meaningful to all three. This project began and continues with graduate studies at Stevens Institute of Technologys School of Systems and Enterprises, was adopted as a project activity by the INCOSE System Security Engineering Working Group, and is indicating potential for broader viral spread. This article presents the nature of the project, the qualification filter for candidate patterns, the descriptive form for patterns, selected exemplar patterns, and lessons learned to date.

Patterns of Self-Organizing Agile Security for Resilient Network Situational Awareness and Sensemaking

The security gap is widening as adversarial communities of all kinds employ more sophisticated techniques and broaden their targets of opportunity. These adversarial communities are structured as self organized proactive collaborators in tight learning loops driving rapid innovation -- preying upon systems protected by wait and see strategies. In this paper we build upon six fundamental characteristics common to adversarial success, suggest that winning security can employ the same characteristics, show two patterns appropriate for resilient network support that fit this criteria, and describe a larger project that is developing a pattern language of next generation agile security. The two patterns described in this paper are modeled on the Biological Immune Systems and on mammalian hierarchical cortical sense making architecture. A technology that appears capable of implementing these patterns in relatively high biological fidelity is briefly introduced to support pattern-employment feasibility.

Self-organizing resilient network sensing (SornS) with very large scale anomaly detection

Anomaly detection promises to find elements of abnormality in a field of data. Computational barriers constrain anomaly detection to sparse subsets of total anomaly space. Barriers manifest in three ways — conserving both pattern memory capacity and pattern matching cycle time, while closing off scalability. The research reported here has discovered and analyzed a technology to eliminate two of these barriers, memory capacity and cycle time, and by targeting implementation at a new VLSI pattern processor, eliminate the third scalability barrier. An example shows how 10 to the 15 patterns integrated as a single gang detector can be stored in 193 bytes of memory, with much larger pattern magnitudes practical as well. The architecture of the gang detector enables complete processing of all 10 to the 15 patterns in time determined by the number of features in a single pattern, rather than the total number of patterns. Scalability is provided by a reconfigurable massively parallel VLSI pattern-matching processor chip that can accommodate a virtually unbounded number of such gang detectors. Anomalous behavior detection promises a way round the limitations of looking only for known attack patterns, but it raises new issues in the cyber domain of higher false positive rates and questionable normal-behavior stability. Work reported in this paper describes the nature and capability of gang detector employment, and suggests that the traditional issues of anomaly detection can be addressed with an architecture that engages in continuous learning and re-profiling of normal behavior, and employs a sensemaking hierarchy to reduce false positives. The architecture is based on process patterns from the biological immune system combined with process patterns of mammalian cortical hierarchical sensemaking.

Pattern Recognition without Tradeoffs: Scalable Accuracy with No Impact on Speed

Automated recognition of patterns in data is constrained by tradeoffs among speed, cost, and accuracy. A new reconfigurable VLSI processor architecture decouples the speed/accuracy tradeoff, and renders the cost/accuracy tradeoff negligible, enabling new performance and new applications. The architecture features massively-parallel, dynamically configurable finite-state-machines which simultaneously process the same data stream. Low cost VLSI fabrication, unbounded scalability, and high speed constant-rate throughput independent of pattern number and complexity breaks current trade space constraints. This paper introduces features of the processor architecture responsible for the decoupling, and shows how current tradeoff structure is altered.

Realsearch: a framework for knowledge management and continuing education

This paper deals with insight as the deep form of knowledge we wish to develop about our business environments, and the form of knowledge we wish to transfer to others who are in business with us. More specifically, this paper describes an insight development process called Realsearch, and its application specifically to the analysis and design of highly adaptable business practices. Realsearch is an issue-focused, principle-based methodology that first defines the nature of a problem before considering solutions. Solutions are then analyzed or designed according to a set of fundamental design principles. Insight is fostered with this cause-and-effect understanding, and communicated within an organization through means of a local metaphor model-which provides a graphic depiction of this cause-and-effect relationship for a known and respected local business practice. One immediately practical application is for directing business process reengineering projects. Another is the capture and mobilization of corporate core competency knowledge. A third important application is in what we now call continuing education-at all employee levels. Insight provides a very different leverage over simple procedural learning and training. Formal education traditionally gives us new rules to employ, training traditionally gives us experience in applying those rules, workshops focus us (sometimes) on real and practical problems, and seminars expose us to someone elses thoughts. None have demonstrated the ability to provide insight consistently-so all have a marginal value by comparison.

A quorum sensing pattern for multi-agent self-organizing security systems

Swarm concepts of various types borrowed from nature have been proposed for multi-agent security approaches. Distributed decision-making in multi-agent systems is of particular interest, and has good application in large networks with end-point agents looking for anomalies and potential threat indications, which in isolation may mean nothing. Quorum sensing (QS) in bacterial systems and Honeybee nest-site selection are two examples of distributed decision making in nature that show promise for reuse in reaching collective conclusions and triggering action in networked cyber systems. This paper examines these two cases of QS in nature and abstracts a generic pattern that qualifies for self-organizing security according to six SAREPH characteristics covered in prior work. The pattern form and qualifying characteristics from this prior work are briefly outlined, and QS in the two different natural systems is shown to reach a tipping point based on the density of independent agents with relevant similarities. The inter-agent signaling mechanisms are shown to be central to the process, and the abstracted core pattern is discussed with the conflicting forces that have to be resolved in any application of the pattern. Illustrative examples of both deployed and proposed security approaches are then shown employing this pattern, along with a pseudo-code model for an appropriate signaling mechanism inspired by a paper on social network quorum achievement.

Knowledge Management and Agility: Relationships and Roles

Agility is characterized as deriving from a balance of both the physical ability to act (response ability) and the intellectual ability to understand what to act upon (knowledge management). The relationship of knowledge management to response ability is discussed, and knowledge management’ s role is characterized as consisting of two parts: a top-down directed component based on knowledge portfolio management and a bottomup grass-roots component based on collaborative learning. Learning is considered central to all concepts, and the subjects of organizational learning, learning styles, collaborative learning modes, and communities of practice are put in perspective. Finally, a model of knowledge management is abstracted from a successful real world example for reuse in corporate environments that would pursue the benefits and operating modalities of agile enterprise. The arguments and conclusions are the results of a ten-year research effort into highly adaptable enterprise systems.

On How Agile Systems Gracefully Migrate Across Next-Generation Life Cycle Boundaries

In this paper we explore the nature of migration as it applies to crossing system-retirement life cycle boundaries gracefully, intending to inform purposeful design of would-be, long-lived, always-effective enterprises, and the systems that support them. We use previous work on agile systems and enterprises to define migration as the crossing of a change in basic infrastructure, be it technical, organizational or strategic. We consider the classic view of the system life cycle and highlight its limitations in a rapidly changing world. We analyze two successful and contemporary large-scale migrations, and illuminate the factors that facilitated their success, contributing toward a pattern language for agile-system architecture in the process. Finally, the lessons of the analysis are suggested as potential informants for Force Transformation in the U.S. military and adoption of Service Oriented Architectures in the enterprise.